Forum Discussion
Conditional Access using certificate from Internal PKI
I've tried implementing this with absolutely no success whatsoever. I've put our internal and root certificates in MCAS. Created my conditional access policy. I can see alerts from my policy, so I know the conditional access policy is running and the policy is triggered. But it seems MCAS is simply unable to make any certificate comparison, so it just blocks everything, certificate or no certificate. There seems to be little detail on this. Which browsers are supported? Should it prompt when attempting to verify the certificate?
- Alex Esibov, Apr 16, 2020, Brass Contributor
Hi folks, it would be super helpful to get a support case number so I can track it with the team. You can reach out to me at alex.esibov@microsoft.com if you need help with this.
In general, the docs cover Client-Certificate Authenticated Devices in quite some detail here: https://docs.microsoft.com/en-us/cloud-app-security/proxy-intro-aad#managed-device-identification
If you feel like this is missing explicit content, please let me know and we can work to update it.
- rodrigobe, Apr 17, 2020, Copper Contributor
Thanks for your reply, Alex. I think I'll open a support case to get some help on this.
I read that article and I configured both conditional access and the MCAS access policy. I uploaded the certificate (I tried only the root CA, root + intermediate CA, and only the intermediate CA), and in any case it didn't work.
Looking at some logs should be useful to see which part of the certificate validation is failing.
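One thing worth checking on the client before chasing portal logs is whether the device actually holds a certificate the browser can present and whether that certificate chains to the CA that was uploaded. The PowerShell below is an added diagnostic, not code from this thread or from Microsoft's documentation. It assumes the client certificate is in the current user's Personal store (Cert:\CurrentUser\My) and that $CaThumbprint is replaced with the thumbprint of the root or intermediate CA you uploaded; both are assumptions, not facts from the page. For each certificate that has a private key and the Client Authentication EKU, it builds the OS chain, prints the chain statuses, says whether the uploaded CA is part of that chain, and writes that CA out as a Base64 PEM file, the form the upload expects.

```powershell
# Added diagnostic, not part of the original thread or of Microsoft's docs.
# Assumptions (not stated on the page): the client certificate lives in
# Cert:\CurrentUser\My, and $CaThumbprint is a placeholder you replace with the
# thumbprint of the root or intermediate CA uploaded to the portal.

$CaThumbprint  = 'REPLACE-WITH-THUMBPRINT-OF-UPLOADED-CA'
$ClientAuthOid = '1.3.6.1.5.5.7.3.2'   # id-kp-clientAuth

# 1. Candidate client certificates: private key present and Client Authentication EKU set.
#    A browser will not offer a certificate that fails either condition.
$candidates = Get-ChildItem Cert:\CurrentUser\My | Where-Object {
    $_.HasPrivateKey -and
    ($_.EnhancedKeyUsageList | Where-Object { $_.ObjectId -eq $ClientAuthOid })
}

if (-not $candidates) {
    Write-Warning 'No certificate with a private key and the Client Authentication EKU in Cert:\CurrentUser\My; the browser has nothing to present.'
    return
}

foreach ($cert in $candidates) {
    Write-Host "`nCandidate: $($cert.Subject)  [$($cert.Thumbprint)]"
    Write-Host "  Valid:        $($cert.NotBefore) -> $($cert.NotAfter)"

    # 2. Build the chain the way the OS would for client authentication.
    #    Revocation is skipped here so an unreachable CRL does not hide a chain problem.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $chain.ChainPolicy.ApplicationPolicy.Add([System.Security.Cryptography.Oid]$ClientAuthOid) | Out-Null
    $built = $chain.Build($cert)
    Write-Host "  Chain builds: $built"
    foreach ($s in $chain.ChainStatus) {
        Write-Host "    status: $($s.Status) - $($s.StatusInformation.Trim())"
    }

    # 3. Print the chain (leaf first) and check whether the uploaded CA appears in it.
    $chainCerts = $chain.ChainElements | ForEach-Object { $_.Certificate }
    $chainCerts | ForEach-Object { Write-Host "    -> $($_.Subject) [$($_.Thumbprint)]" }

    $uploadedCa = $chainCerts | Where-Object { $_.Thumbprint -eq $CaThumbprint.ToUpper() }
    if ($uploadedCa) {
        Write-Host '  OK: the uploaded CA is in this certificate''s chain.'

        # 4. Write that CA as Base64 PEM, which is the form the portal takes for upload.
        #    This is the same bytes Export-Certificate would give you in DER, re-wrapped.
        $pem = "-----BEGIN CERTIFICATE-----`r`n" +
               [Convert]::ToBase64String($uploadedCa.RawData, 'InsertLineBreaks') +
               "`r`n-----END CERTIFICATE-----"
        $outFile = ".\$($uploadedCa.Thumbprint).pem"
        Set-Content -Path $outFile -Value $pem -Encoding ascii
        Write-Host "  Wrote $outFile"
    }
    else {
        Write-Warning '  The uploaded CA is NOT in this certificate''s chain; a block is expected regardless of portal settings.'
    }
    $chain.Reset()
}
```

If no candidate is listed, or the uploaded CA is not among the chain elements, the block is explained on the client side before any portal configuration comes into play; if everything here passes and the policy still blocks, that narrows the problem to the portal or the browser's certificate prompt, which is what the support case would need to look at.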